<div dir="ltr"><p style="margin-bottom:18px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18px;line-height:27px;font-family:georgia,"droid serif",serif;color:rgb(51,51,51);margin-top:13px;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><strong><em><a href="http://www.orlandosentinel.com/business/brinkmann-on-business/os-rosen-hotels-data-breach-20170329-story.html">http://www.orlandosentinel.com/business/brinkmann-on-business/os-rosen-hotels-data-breach-20170329-story.html</a><br></em></strong></p><p style="margin-bottom:18px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18px;line-height:27px;font-family:georgia,"droid serif",serif;color:rgb(51,51,51);margin-top:13px;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial"><strong><em>An insurance company for Rosen Hotels & Resorts has filed a lawsuit claiming Rosen is not covered for more than $2.4 million in damages related to a data breach announced last year.</em></strong></p><p style="margin-bottom:18px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18px;line-height:27px;font-family:georgia,"droid serif",serif;color:rgb(51,51,51);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">And the costs could be more than that, if Rosen faces legal claims from customers, according to the lawsuit.</p><p 
style="margin-bottom:18px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18px;line-height:27px;font-family:georgia,"droid serif",serif;color:rgb(51,51,51);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">The lawsuit filed by St. Paul Fire & Marine Insurance Co. offers explicit details about the high cost of data breaches, particularly a long-term one. The hotel company<span class="gmail-Apple-converted-space"> </span><a href="http://www.orlandosentinel.com/business/brinkmann-on-business/os-rosen-hotels-data-breach-20160308-post.html" target="_blank" style="text-decoration:none;color:rgb(224,85,4)">warned its customers in March 2016 that its payment data “may have been” breached</a><span class="gmail-Apple-converted-space"> </span>by malware programs about 18 months earlier.</p><p style="margin-bottom:18px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18px;line-height:27px;font-family:georgia,"droid serif",serif;color:rgb(51,51,51);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">Rosen allegedly was slapped with a $1 million fine each from Visa and Mastercard; a $128,830 fine from American Express; $50,000 in attorneys' fees; $15,000 in fees to a crisis-management firm; $40,000 in costs to send notifications to clients; and a bill for $150,000 to a data forensics team that identified the breach. 
<br></p><p style="clear:both;margin-bottom:18px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18px;line-height:27px;font-family:georgia,"droid serif",serif;color:rgb(51,51,51);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">According to the insurance lawsuit filed Monday in Orlando federal court against Rosen’s sister company Rosen Millennium Technology Group, Rosen’s costs could keep going up, if individuals affected by the data breach file additional claims. Several attempts to reach Rosen’s spokeswoman about additional questions were not successful.</p><p style="margin-bottom:18px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18px;line-height:27px;font-family:georgia,"droid serif",serif;color:rgb(51,51,51);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">A report sponsored by IBM last year said that the average total cost of a data breach, worldwide, is about $4 million.</p><p style="margin-bottom:18px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18px;line-height:27px;font-family:georgia,"droid serif",serif;color:rgb(51,51,51);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">The length of time in which Rosen’s breach occurred drew attention. 
In March 2016, a writer on DataBreaches.net said of the Rosen breach: “Having to disclose a breach to your customers … and a breach that began in 2014 and continued until recently … is not a task I’d relish.”</p><p style="margin-bottom:18px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18px;line-height:27px;font-family:georgia,"droid serif",serif;color:rgb(51,51,51);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">The technology company, which also includes hotel founder Harris Rosen as chairman and president along with other Rosen Hotels executives, shares an address with Rosen<span class="gmail-Apple-converted-space"> </span><a id="gmail-ORCRP0017745" title="Rosen Hotels &amp; Resorts" href="http://www.orlandosentinel.com/topic/business/tourism-leisure-industry/hotel-accommodation-industry/rosen-hotels-%26-resorts-ORCRP0017745-topic.html" style="text-decoration:none;color:rgb(224,85,4)">Shingle Creek</a><span class="gmail-Apple-converted-space"> </span>resort. 
The data breach occurred at Rosen Hotels and was announced by Rosen Hotels.</p><p style="clear:both;margin-bottom:18px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18px;line-height:27px;font-family:georgia,"droid serif",serif;color:rgb(51,51,51);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">Any detailed information about the cost of a data breach can be a cautionary tale to other companies, said payment industry consultant Allen Weinberg.</p><p style="margin-bottom:18px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18px;line-height:27px;font-family:georgia,"droid serif",serif;color:rgb(51,51,51);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">“All these companies dread data breaches. They have to hire outside help. It’s a big headache,” Weinberg said. “The fines are usually related to the cards that were compromised. I believe the proceeds are used in part to compensate the banks and issuers to re-issue cards.”</p><p style="margin-bottom:18px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18px;line-height:27px;font-family:georgia,"droid serif",serif;color:rgb(51,51,51);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">St. Paul Fire & Marine is seeking a judge’s order declaring that Rosen’s policy doesn’t require St. Paul to cover the costs of the data breach, which spanned September 2, 2014 to February 18, 2016. 
According to the suit, Rosen asked the insurance company for information about its coverage, and the company responded with a denial-of-coverage letter.</p><p style="margin-bottom:18px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18px;line-height:27px;font-family:georgia,"droid serif",serif;color:rgb(51,51,51);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">The insurance company says Rosen had a commercial general liability policy that doesn’t cover the data breach incident, but the lawsuit gives no further reason for St. Paul’s decision.</p><p style="margin-bottom:18px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18px;line-height:27px;font-family:georgia,"droid serif",serif;color:rgb(51,51,51);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">Rosen has several hotel properties in Central Florida, including the 1,500-room Rosen Centre on International Drive.</p><p style="margin-bottom:18px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18px;line-height:27px;font-family:georgia,"droid serif",serif;color:rgb(51,51,51);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">In a news release announcing the breach, Rosen said it had been informed of a “pattern of unauthorized charges occurring on payment cards after they had been used by some of our guests during their stay,” and that “an unauthorized person installed malware” on its payment card network, which searched for data read from the 
magnetic stripe of payment cards.</p><p style="margin-bottom:18px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18px;line-height:27px;font-family:georgia,"droid serif",serif;color:rgb(51,51,51);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">Weinberg said it’s possible that Rosen’s customer payment data was stolen but wasn’t used for a period of time.</p><p style="margin-bottom:18px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18px;line-height:27px;font-family:georgia,"droid serif",serif;color:rgb(51,51,51);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">Since 2015, the banking industry has recommended using cards with microchips instead of magnetic stripes. As of October 2015, banks and payment companies have said they will hold merchants liable for stolen data from magnetic-stripe cards.</p><p style="margin-bottom:18px;font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:18px;line-height:27px;font-family:georgia,"droid serif",serif;color:rgb(51,51,51);letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial">Last year Rosen said it had implemented “enhanced security measures” to help prevent data theft. It had also set up a dedicated hotline for a period of time for customers with questions about the breach.</p></div>